On Fri, Mar 10, 2023 at 11:57 AM Yann Ylavic <ylavic....@gmail.com> wrote: > > On Fri, Mar 10, 2023 at 4:34 PM Eric Covener <cove...@gmail.com> wrote: > > > > Saw another report on users@ > > > > Any thoughts on something like this to just allow spaces? > > http://people.apache.org/~covener/patches/rewrite-lax.diff > > What about: > > Index: modules/mappers/mod_rewrite.c > =================================================================== > --- modules/mappers/mod_rewrite.c (revision 1908254) > +++ modules/mappers/mod_rewrite.c (working copy) > @@ -4814,7 +4814,8 @@ static int hook_uri2file(request_rec *r) > apr_size_t flen; > int to_proxyreq; > > - if (r->args && *(ap_scan_vchar_obstext(r->args))) { > + if (rulestatus == ACTION_NOESCAPE > + && r->args && *(ap_scan_vchar_obstext(r->args))) { > /* > * We have a raw control character or a ' ' in r->args. > * Correct encoding was missed.
I think it helps for the users@ redirect case, but I think we still have a concern with non-redirect (where IIUC there is not any escaping even w/o the flag/status, but I am not 100% sure on this)
